Cisco ASA and FortiGate are products that provide security for network applications, including firewall, SSL, web filtering and VPN. Both Cisco ASA and FortiGate are well liked among medium to enterprise sized businesses, but large established businesses tend to choose ASA, especially if their server environment is already Cisco. FortiGate is more popular among medium-sized businesses, which are more likely to be price sensitive.
Cisco ASA and FortiGate provide many of the same services, but there are standout features of each.
Cisco ASA is easy to deploy and works well in most environments. It adapts well to small and medium scale servers, especially servers that use Cisco products already. Users like the VPN for connecting remote users to the network or connecting one site to another, and businesses appreciate the web filtering component. The hardware is reliable, as is Cisco technical support.
FortiGate is a newer up-and-comer to the world of network security. It handles traffic spikes and larger server loads with ease, and is more affordable than its comparable competitors. The interface is simple to use, and the firewall is easy to configure. Simplified pricing allows businesses to pay only for the services they use.
Each of these firewall products has its own limitations that may affect which one potential customers will choose.
Though many users appreciate Cisco ASA and its reliable system and support, it can become expensive for smaller businesses, especially when factoring in support contracts. The interface is clunky and can be difficult to use. ASA is not as fully-featured as an NGFW (it’s missing the reliable multi-WAN support FortiGate has), and several users reported switching to an NGFW for a more robust solution.
The downside of FortiGate’s simplified pricing is that it affects scalability. If a user wants to increase server performance, they must buy additional products. Various versions of the software can be buggy, and frequent patches are released. While the user interface is good, the command line prompt can be confusing to use.
FortiGate pricing is available by quote from Fortinet or 3rd party providers. ASA pricing can be found by contacting Cisco or a certified Cisco Partner.
Provided by the TrustRadius Research Team
Published on October 8, 2020
Likelihood to Recommend
Feature Rating Comparison
Active Directory and LDAP
Firewall Management Console
Reporting and Logging
- Consistent commands. A lot of the general commands used on other Cisco switches and routers also work here, making it easy script common tasks and changes across multiple devices without having to switch command structure.
- Processing power. The ASA is incredibly fast and doesn't introduce much if any latency.
- My favorite aspect of the Fortigate product is the ease of use. The GUI is very easy to get around. The products rules and configuration are easy to learn and apply. The informational tools are easy to look at and produce results that are intuitive and quick to assess.
- Another great attribute of the FortiGate product was reasonable pricing for the product and then the ongoing support. Living in the SMB space with tight governmental budgets is a huge factor in all my decisions. When a company like Fortinet comes along and produces good products at very reasonable prices it is good for SMB companies like mine. Many vendors price their products in a fashion that is beyond consideration by SMBs like myself.
- Support is always a big factor in consideration of any product for our organization. Fortinet support has been extremely good. They have provided an onsite engineer at no cost to help us design, implement and maintain new products when needed. The call support has also been excellent, with quick response times and knowledgeable technicians.
- The gui interface is good, but often lacks the ability to perform full tasks without command line.
- Integration with other products can be complicated and you may need to find the custom commands from the 3rd party or support to make it work.
- A lot of their advanced features are present, but aren't fully integrated yet.
- Fortigate's SSL VPN client isn't available via MSI with an easy options for mass deployment and configuration out of the box. You need to have a Fortinet Developer Network license to create a custom deploy image.
- Fortinet's after hours support is overseas and is adequate. Not stellar.
Likelihood to Renew
Reliability and Availability
Return on Investment
- We've gotten every penny's worth of use with our Cisco ASA firewalls - they were a few thousand dollars to purchase, even in HA, and have been in production for over 5 years
- I'm glad that when the Cisco ASA IKE buffer overflow vulnerability was released, Cisco provided a code update, even though the 8.2-series code was EOL. This saved us and many companies from scrambling and spending big $ and time to put a workaround in.
- (Positive) The network is secured.
- (Positive) As an analyst, I have to convince C level executives regarding protection from threats, intrusion, and productivity of the network resources. And I am achieving all the segments with ease of access.
- (Neutral) The unavailability of post-sale service requires improvements. But due to the vast community of users and excellent documentation of the product, hides the lack of post-sale service availability.